Terrorism goes low-tech

It’s not often that a high-tech computer guy like me advocates concentrating more on the low-tech side of things, but in the world of security, that might be where the new wars will be waged.

I spend part of my days reviewing and testing security hardware designed to thwart or at least alert people to the dangers of high-tech attacks. Many of these are information-gathering or network-killing attacks, and what some hackers (many possibly sponsored by foreign governments) can do is pretty amazing.

We once set up a honeypot network in the lab and loaded it with government-esque data. Given our government-sounding name, it didn’t take long before the hackers came out of the woodwork. We cataloged their moves and in some cases watched them work, as they stole the “valuable” data and poisoned the network in their wake. It’s interesting to note that the majority of these attacks came from China and the Far East, with quite a few from Hong Kong. But we stopped them. Indeed, the whole point of a honeypot network (named with a nod toward Winnie the Pooh and the time he got stuck in the honey jar) is to trap hackers and learn their tactics.

And I have to say that the high-tech defenses the government has in place are extremely efficient. Kudos goes to all the developers out there who battle these cyber terrorists every day and, for the most part, win.

But the danger now seems to be on the other end of the spectrum. I think terrorists have figured out that they can’t really compete with us on the high end, so they are reverting to low-tech weapons and attacks. The Times Square bomb attempt was one of the most low-tech attack attempts ever created. Pictures of the setup inside the car show cheap alarm clocks for timers that look like they were designed for a kid’s bedroom and propane tanks as the main fuel. Basically, the bomber just opened up the tanks to leak out gas, and then hoped the detonating charge would trigger the main blast. That didn’t happen, but according to NYC police, it was a very close call.

Low tech attacks have killed people in the United States before. On this very day, May 5, in 1945 five children and a pregnant woman were killed by an extremely low-tech balloon bomb launched by Japan. Japan no longer had the ability to attack the U.S. directly, so they reverted to the use of weather balloons carrying either incendiary or explosive payloads. The balloons sailed across the ocean in the jet stream in three days, and then crashed (sometimes) in the United States. Several landed in Canada and many went down in the ocean or in remote areas never to be found.

But one landed where pregnant Elsye Mitchell was having a church picnic with her Sunday school students. Unaware of the danger due to a government cover-up (the government didn’t want Japan to know the balloons were landing here) they approached the strange device and it exploded, killing Elsye and five children under the age of 14. Like the bomb, low-tech devices often don’t work. The Japanese fire balloons had a 0.067 percent kill ratio, but sometimes they explode just fine.

The Times Square bomb was thwarted by a Vietnam veteran selling T-shirts, who thought something didn’t look quite right, and a nearby mounted patrolman who got people out of the area quickly. Even if the bomb had exploded, their quick actions might have lessened the casualties.

The lesson for us is that a lot of money can be spent, and will be spent, in government budgets this year for high-tech security devices. But don’t forget to put something into physical security and protecting against the least common denominator as well. That may well be the new terrorist battleground, and we had better be prepared for it. Otherwise, like Elsye and her innocent school children, we may walk headfirst into great danger.

inside gcn

Reader Comments

Tue, May 11, 2010
M
DC Area

IEDs were first introduced during WWII in the Pacific theater as a means of using low-tech devices to destroy Japanese convoys on jungle roads. The use today is nothing new albeit the devices are vastly improved. The NYC Times Sq and the OKC Federal Bldg incidents are continuous reminders that low-tech still works. More ominous, low-tech devices typically are more effective at disrupting the normal activities of people a lot more than a hacker does.

Thu, May 6, 2010
Arthur Anderson

I've done Intel work with Counter IED and IED Network Defeat. Happy to say evolving strategies and tactics have helped in reducing the threat of these low-tech devices vastly since the start of ops nearly 10 years ago. Keep up the good work guys. Make us proud.

Thu, May 6, 2010
Willy Wheaton
L.A.

I agree in principal, but I have a question. If we start to go after the low-tech terrorists, won't they just shift back to the high-tech attacks?

Wed, May 5, 2010
Ash
New Mexico

Finally, someone speaking the truth. I keep telling my agency that we need to invest more in physical security. Having a bunch of high tech machines is great and needed but in the end you have to have a HUMAN to stop these people. Without the people aspect, the machines can only do so much, yet we seem to forget that. Now that the bad guys are going low tech, trained HUMANS are even more necessary. This can't be overstated now.

Please post your comments here. Comments are moderated, so they may not appear immediately
after submitting. We will not post comments that we consider abusive or off-topic.